Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1680 1 Jupiter Cms 1 Jupiter Cms 2026-04-16 N/A
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php.
CVE-2006-1682 1 Talentsoft 1 Web\+ Shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
CVE-2006-1683 1 Chipmunk Scripts 1 Chipmunk Guestbook 2026-04-16 N/A
SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name.
CVE-2006-1684 1 Ecotwo 1 Shopsystem 2026-04-16 N/A
Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors.
CVE-2006-1686 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter.
CVE-2006-1687 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.
CVE-2006-1696 1 Gallery Project 1 Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-1689 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.
CVE-2006-1690 1 Manic Web 1 Mwnewsletter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
CVE-2006-1691 1 Manic Web 1 Mwnewsletter 2026-04-16 N/A
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.
CVE-2006-1693 1 Globalscape 1 Secure Ftp Server 2026-04-16 N/A
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
CVE-2006-1694 1 Xbrite 1 Xbrite Members 2026-04-16 N/A
SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1695 1 Fbida 1 Fbida 2026-04-16 N/A
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
CVE-2006-1698 1 Matt Wright 1 Matt Wright Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
CVE-2006-1699 1 Aweb 1 Banner Generator 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.
CVE-2006-1709 1 Interaktiv 1 Interaktiv.shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2006-1710 1 Design Nation 1 Dnguestbook 2026-04-16 N/A
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.
CVE-2006-1711 1 Plone 1 Plone 2026-04-16 N/A
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
CVE-2006-1712 1 Gnu 1 Mailman 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVE-2006-1713 1 Phpmyforum 1 Phpmyforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.